OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: Vin2 on July 31, 2024, 11:43:48 AM

Title: Wireguard Gateway
Post by: Vin2 on July 31, 2024, 11:43:48 AM
Hello everybody,

I try to configure a Wireguard Gateway to route my networks through the tunnel to ProtonVPN.

I configured my Firewall as described in the wiki
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

Yet unfortunately there is no internet access through that route

The only thing that looks fishy to me is the lack of "UP" in the Wireguard Status for the peer

Can anybody help to troubleshoot this?

Regards
Title: Re: Wireguard Gateway
Post by: doktornotor on July 31, 2024, 11:55:48 AM
Look at the logs and post them.
Title: Re: Wireguard Gateway
Post by: Vin2 on July 31, 2024, 12:03:24 PM
attached
Title: Re: Wireguard Gateway
Post by: doktornotor on July 31, 2024, 12:14:24 PM
Well, I meant the wireguard logs...
Title: Re: Wireguard Gateway
Post by: DEC670airp414user on July 31, 2024, 12:15:45 PM
screen shot 2.

delete the top rule (or disable it)
for the IP 4 Lan.net rule. why not change the gateway to protonvpn? reset states and see if it actually works?

then fine tune your aliases / certain computers you want to go out the tunnel
Title: Re: Wireguard Gateway
Post by: Vin2 on July 31, 2024, 12:40:42 PM
Picture 1 - Wireguard Logs

Picture 2 - Tried changing the Gateway to ProtonVPN, didn't work
Title: Re: Wireguard Gateway
Post by: DEC670airp414user on July 31, 2024, 01:42:11 PM
interface area doesn't appear to be completed all the way.

have you clicked advanced mode top left? then for DNS put their DNS server and IP address for the gateway address in your configuration file

depending on if you are using ISC or Kea, you will need to add the dns server
Title: Re: Wireguard Gateway
Post by: Vin2 on July 31, 2024, 02:51:29 PM
interface is setup as described in the wiki here

dns is also setup accordingly in the instance, do you think here lies the problem?
I already tried to use 1.1.1.1, or 10.2.0.1 (provided from protonvpn as DNS) => didn't work as well
Title: Re: Wireguard Gateway
Post by: DEC670airp414user on July 31, 2024, 03:41:52 PM
I've never created the gateway manually... I would delete yours and click save > and go to interfaces > the proton WG interface and at the very bottom click Dynamic gateway policy

also on that page I put in MTU of 1320 or up to 1380 and save..

go back to system / gateway / config and see if it shows online. if not open it. click save and see if it comes online for you.
Title: Re: Wireguard Gateway
Post by: kozistan on July 31, 2024, 04:35:53 PM
I have 27 proton WANs for production network, one of my clients wanted to filter activity on those interfaces. It was a year ago or so and same, I was not able to get it to work with WG.
Also spoke with proton support and the answer was that wireguard gateways isn't the way. I made it with openvpn and it's working till now.
Title: Re: Wireguard Gateway
Post by: DEC670airp414user on July 31, 2024, 04:41:47 PM
I don't pay for proton currently but have two other "providers" where the setup is fairly straightforward and just works